
Rob Gurzeev, CEO & Co-Founding father of CyCognito – Interview Series


Rob Gurzeev, CEO and Co-Founder of CyCognito, has led the development of offensive security solutions for both the private sector and intelligence agencies.

Prior to founding CyCognito, he was Director of Offensive Security and head of R&D at C4 Security (acquired by Elbit Systems) and the CTO of the Product Department of the 8200 Israeli Intelligence Corps. Honors that he received as an Israel Defense Forces Officer included the Award for Excellence, the Creative Thinking Award and the Source of Life Award.

CyCognito was founded by veterans of national intelligence agencies who understand how attackers exploit blind spots, joined by experienced management from some of the most trusted cybersecurity companies.

What initially attracted you to cybersecurity?

I first became interested in technology around the age of 13 or 14. I started getting into IRC channels with people interested in technology and what was called “hacking” at the time.

People back then were experimenting with all kinds of interesting things like cryptography in messenger apps. They were also experimenting with file sharing. Kids were pranking their friends by sending an executable file that would trigger a funny action of some kind. If you think about it, this was the basis for what we today call ‘social engineering’ attacks.

This all made me think: what if a person with bad intentions got hold of this technology for malicious purposes?

These early experiences are what kicked off my career in security. I eventually landed in the Israeli Unit 8200 Intelligence Force doing reconnaissance work, and later co-founded CyCognito.

Could you share the genesis story behind CyCognito?

CyCognito was founded on the realization that attackers are always ahead of defenders. They’re smart, relentless and always looking for the path of least resistance. And while all attackers need is one weak spot to break through, security teams have to secure every possible point of entry in an ever-growing, always-evolving attack surface. It’s quite the challenge.

To compound the issue, most organizations have potential points of entry unseen by security teams but easily discoverable by threat actors.

At some point, I sat down with my co-founder, Dima Potekhin, and we set out to shift the paradigm: instead of deploying agents or instructing a port scanner to scan a few known IP ranges, we’d create a solution that worked like a world-class attacker, meaning it would start knowing only an organization’s name and then proceed to discover the assets most at risk and the most tempting open pathways.

We wanted to simulate an attacker’s offensive operation, starting from step one, where the attacker knows only the target company’s name and their goal is to get access to sensitive data.

So, in 2017, we took our national intelligence agency experience and started to make this happen, with the mission of helping organizations prevent breaches by continuously mapping their external exposure blind spots and finding the paths of least resistance into their internal networks. This required leveraging not only advanced offensive cyber knowledge, but also modern technology that is still quite rarely used in our industry, like Bayesian machine learning models, LLMs, NLP, and graph data models.

Today, we help emerging and large Global 100 companies secure their attack surfaces from growing threats. Some of our clients include Colgate-Palmolive, the State of California, Berlitz, Hitachi and Tesco, just to name a few.

What is External Attack Surface Management?

The textbook definition of External Attack Surface Management (EASM) refers to the processes and technologies used to discover, assess, and manage the exposure of an organization’s digital assets that are accessible or visible from the internet.

External attack surfaces are vast and complex. A single organization can have hundreds or thousands of systems, applications, cloud instances, supply chains, IoT devices and data exposed to the Internet—often sprawling across subsidiaries, multiple clouds, and assets managed by third parties.

Security teams have limited ability to find these assets. They’re inundated with thousands of alerts, but they don’t have the context to know which are critical and which to prioritize.

Isolating the truly critical issues first requires visibility across the attack surface, but even more importantly, it requires a thorough understanding of the context and purpose of the assets affected. Once that’s established, security teams can calculate attack paths and predict which specific threats matter—those likely to cause serious financial or reputational damage to the business. Then, the organization can prioritize accurately and remediate for maximum impact.

Can you share your views on the importance of thinking like an attacker to discover unknown risks?

According to Verizon’s DBIR, 82% of attacks come from the outside in. Moreover, according to Gartner, most breaches are related to unknown and unmanaged assets.

That is precisely why adopting an outside-in approach to evaluate your attack surface is critical for assessing and managing cybersecurity risk. Stepping into the attacker’s shoes provides an objective view of the crown jewels that live inside your systems and, more importantly, which are exposed and vulnerable.

As I mentioned previously, attack surfaces are ever-growing and complex. Most security teams lack full-spectrum visibility into exposed and vulnerable assets. Attackers know this! And they’ll relentlessly explore the attack surface, looking for the path of least resistance and that one gap that security teams don’t monitor. Unfortunately, one security gap is all they need to break in. Meanwhile, security teams have the difficult task of identifying the exposures that make their organizations most vulnerable, and then taking action to protect those entry points.

How frequently do you discover threats that are due to external applications and APIs that are simply not being monitored or tested?

More often than we would like. We recently conducted research showing vulnerable public cloud, mobile and web applications exposing sensitive data, including unsecured APIs and personally identifiable information (PII). Here are some of the key findings:

  • 74 percent of assets with PII are vulnerable to at least one known major exploit, and one in 10 have at least one easily exploitable issue.
  • 70 percent of web applications have severe security gaps, like lacking WAF protection or an encrypted connection like HTTPS, while 25 percent of all web applications (web apps) lacked both.
  • The typical global enterprise has over 12 thousand web apps, which include APIs, SaaS applications, servers, and databases, among others. At least 30 percent of those web apps—over 3,000 assets—have at least one exploitable or high-risk vulnerability. Half of those potentially vulnerable web apps are hosted in the cloud.
  • 98 percent of web apps are potentially GDPR non-compliant due to lack of opportunity for users to opt out of cookies.

Our research aside, there’s ample evidence of these threats out there today. The MOVEit exploit is a case in point, and it is still ongoing.

Can you discuss the importance of consolidating the processes and tools to test and manage the attack surface?

‘Stack bloat’ is something most enterprises suffer from. It’s particularly pronounced in security. Most organizations have siloed, disconnected security tools. There was this mantra in security that more platforms would eliminate security gaps. But instead, it opens the door to human mistakes, redundancies, increased operational load, and blind spots.

CyCognito was built to do the job of many legacy point solutions. We help companies consolidate their stack so they can focus on doing their jobs.

What are some ways in which bad actors are using LLMs and Generative AI to scale attacks?

We have yet to see large-scale attacks using LLMs, but it’s only a matter of time. From my perspective, LLMs have the potential to provide greater scale, scope, reach, and speed to various stages of cyberattacks.

For example, LLMs have the potential to speed up automated reconnaissance, where attackers map and discover an organization’s assets, brands, and services, along with sensitive information such as exposed credentials. LLMs may also assist in vulnerability discovery, identifying weaknesses within a targeted network, and facilitate exploitation through techniques like phishing or watering-hole attacks to gain access and exploit network vulnerabilities. LLMs may also aid in data theft by copying or exfiltrating sensitive data from the network.

Also, consumer applications based on LLMs, most notably ChatGPT, pose a threat as they can be used both intentionally and unintentionally by employees to leak company IP.

Spear-phishing campaigns provide another use case. High-quality phishing relies on a deep understanding of the target; that’s precisely what large language models can do quite well, because they process large volumes of information very quickly and customize messages effectively.

How can enterprises in turn use Generative AI to protect themselves?

Great question. That’s the good news in all of this. If attackers can use gen AI, so can security teams. Gen AI can help security teams do reconnaissance on their own companies and remediate vulnerabilities. They can more quickly and cost-effectively scan and map their own attack surfaces to find exposed sensitive assets, like personally identifiable information (PII), files, etc.

Gen AI can greatly help in understanding the business context of any asset. For example, it can help recognize a database holding PII and playing a role in revenue transactions. That’s extremely valuable.

Gen AI can also determine the business purpose of an asset. For instance, it can help distinguish between a payment mechanism, a critical database, and a random device—and classify its risk profile. This, in turn, enables security teams to better prioritize risk. Without the ability to prioritize, security teams have to sift through countless vulnerabilities labeled ‘urgent’ when most are actually not mission-critical.

Why should enterprises be cautious about being overly reliant on Generative AI for defensive purposes?

Generative AI has great potential, but there are inherent issues we have to work through as an industry.

The big picture for me is that gen AI models can make security teams complacent. The allure of more automation is great, but manual review is critical given the state of gen AI models today. For example, gen AI models ‘hallucinate’. In other words, they produce inaccurate outputs.

Also, gen AI models (LLMs, specifically) don’t understand context because they’re built on statistical, temporal text analysis—which can lead to further ‘hallucinations’ that are very tough to spot.

I understand security teams are increasingly looking to do ‘more with less’—but human oversight will (and should) always be part of the security process.

Can you discuss how CyCognito offers automated external attack surface management and continuous testing?

Not to sound like a broken record but, as I mentioned previously, attack surfaces are vast and complex—and they continue to grow.

We built CyCognito to continuously map an entire attack surface beyond the corporate core to encompass subsidiaries, acquisitions, joint ventures, and brand operations—and attribute each to its rightful owner.

There are a few technical capabilities worth highlighting.

In the black-box attack surface discovery process, our platform leverages an LLM as one of dozens of sources for “attribution hypotheses” that our Bayesian ML models analyze to determine the organization’s business structure (up to thousands of business units and subsidiaries) and assign assets to owners (at the scale of tens of millions of IT assets), completely automatically.
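To make the idea of combining "attribution hypotheses" concrete, here is a small added example of the kind of Bayesian update the paragraph above alludes to. It is illustrative code written for this page, not CyCognito's implementation. It assumes a naive-Bayes model: each discovery source (a TLS certificate organization field, a WHOIS registrant, an NLP reading of a page footer, a nameserver overlap) votes for an owner and carries a calibrated true-positive and false-positive rate; the votes are treated as independent evidence and combined with a prior over candidate owners. The source names, rates, prior, threshold and asset names are all constructed for the example.

```python
"""Added example: naive-Bayes combination of asset-attribution hypotheses.
Constructed data and hypothetical source names; not CyCognito's code."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Hypothesis:
    """One discovery source's claim that an asset belongs to `owner`.

    tp_rate: P(source names `owner` | asset truly belongs to `owner`)
    fp_rate: P(source names `owner` | asset belongs to someone else)
    Both rates are assumed calibration values for this example.
    """
    source: str
    owner: str
    tp_rate: float
    fp_rate: float


def posterior(prior: dict, hypotheses: list) -> dict:
    """Return P(owner | hypotheses) for every candidate owner in `prior`.

    Each hypothesis is treated as conditionally independent evidence.
    The update runs in log space so that dozens of weak signals cannot
    underflow to zero before normalization.
    """
    for h in hypotheses:
        if h.owner not in prior:
            raise ValueError(f"{h.source} names unknown owner {h.owner!r}")
    log_post = {owner: math.log(p) for owner, p in prior.items()}
    for h in hypotheses:
        for owner in log_post:
            # A vote for `owner` is explained by tp_rate if that owner is
            # the true one, and by fp_rate for every other candidate.
            likelihood = h.tp_rate if owner == h.owner else h.fp_rate
            log_post[owner] += math.log(likelihood)
    shift = max(log_post.values())  # stabilize exp() before normalizing
    weights = {o: math.exp(v - shift) for o, v in log_post.items()}
    total = sum(weights.values())
    return {o: w / total for o, w in weights.items()}


def attribute(prior: dict, hypotheses: list, threshold: float = 0.8):
    """Assign the asset to its most probable owner, or return None as the
    owner when the evidence is weak or conflicting and needs human review."""
    post = posterior(prior, hypotheses)
    owner, p = max(post.items(), key=lambda kv: kv[1])
    return (owner if p >= threshold else None), post


# Constructed candidate owners and prior belief for a hypothetical company.
PRIOR = {"ExampleCorp": 0.4, "ExampleCorp Retail": 0.3, "Unrelated": 0.3}

# Constructed evidence for two assets (hypothetical hostnames and sources).
ASSETS = {
    # Strong, mostly agreeing signals -> confident attribution.
    "shop.example-retail.test": [
        Hypothesis("tls_cert_org", "ExampleCorp Retail", 0.9, 0.05),
        Hypothesis("whois_registrant", "ExampleCorp", 0.8, 0.1),
        Hypothesis("page_footer_nlp", "ExampleCorp Retail", 0.7, 0.15),
    ],
    # Weak, conflicting signals -> below threshold, flagged for review.
    "cdn-edge-17.test": [
        Hypothesis("dns_nameserver_overlap", "ExampleCorp", 0.6, 0.3),
        Hypothesis("page_footer_nlp", "ExampleCorp Retail", 0.7, 0.15),
    ],
}

if __name__ == "__main__":
    for asset, evidence in ASSETS.items():
        owner, post = attribute(PRIOR, evidence)
        print(asset, "->", owner or "needs review",
              {o: round(p, 3) for o, p in post.items()})
```

Running it attributes the first host to "ExampleCorp Retail" with roughly 0.88 posterior, while the second host stays unassigned at about 0.56 because two mediocre sources disagree. The threshold is the design lever: a lower value assigns more assets automatically, a higher one routes more of them to analysts, which is the trade-off any automated attribution pipeline has to make explicit.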

The platform also accelerates asset classification through Natural Language Processing (NLP) and heuristic algorithms—a task that is generally costly and resource-intensive.

We also provide the business context necessary to prioritize risks effectively. Even when a vulnerability affects a thousand machines, CyCognito can identify the most critical one by providing insight into exposure level, business significance, exploitability, and hacker chatter.

We take a holistic approach to External Attack Surface Management that overcomes the trap of treating all critical issues with equal urgency. We enable security teams to prioritize truly critical vectors, saving them time and money.
